Skip to content
MozDef: The Mozilla Defense Platform
Branch: master
Clone or download
pwnbus Merge pull request #1121 from mozilla/fixup_pyyaml_warnings
Fix pyyaml warning messages to use safe loader
Latest commit f91dd14 Mar 18, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
alerts Merge pull request #1112 from mpurzynski/adjust_proxy_alerts Feb 28, 2019
benchmarking Fixup block comments not having a space after hash Dec 14, 2018
bot Remove .keys() call during key exists comparison Feb 15, 2019
cloudy_mozdef
config
cron
docker
docs Fix inline code markup in docs Jan 24, 2019
examples Remove .keys() call during key exists comparison Feb 15, 2019
loginput Fixup unused variables check Dec 14, 2018
meteor
mozdef_util
mq
rest Merge pull request #1105 from mozilla/fixup_keys_references Feb 27, 2019
static removing path to watchlist, removing watchlist from static, adding pr… Oct 30, 2018
systemdfiles Update python virtualenv path for service files Apr 20, 2018
tests
.flake8
.gitignore
.travis.yml upgrade travis docker-compose as per https://docs.travis-ci.com/user/… Oct 30, 2018
CONTRIBUTING.md Modifying urls to point to mozilla from jeffbryner, slight readabilit… Jun 15, 2017
LICENSE
Makefile
README.md
requirements.txt

README.md

Build Status Documentation Status

MozDef: The Mozilla Defense Platform

Why?

The inspiration for MozDef comes from the large arsenal of tools available to attackers. Suites like metasploit, armitage, lair, dradis and others are readily available to help attackers coordinate, share intelligence and finely tune their attacks in real time. Defenders are usually limited to wikis, ticketing systems and manual tracking databases attached to the end of a Security Information Event Management (SIEM) system.

The Mozilla Defense Platform (MozDef) seeks to automate the security incident handling process and facilitate the real-time activities of incident handlers.

Goals:

  • Provide a platform for use by defenders to rapidly discover and respond to security incidents.
  • Automate interfaces to other systems like bunker, cymon, mig
  • Provide metrics for security events and incidents
  • Facilitate real-time collaboration amongst incident handlers
  • Facilitate repeatable, predictable processes for incident handling
  • Go beyond traditional SIEM systems in automating incident handling, information sharing, workflow, metrics and response automation

Status:

MozDef is in production at Mozilla where we are using it to process over 300 million events per day.

Give MozDef a Try in AWS:

Launch MozDef

Documentation:

http://mozdef.readthedocs.org/en/latest/

You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.